Security Labs


  digg   |   |     reddit
  newsvine   |     furl   |     technorati

Malicious FedEx Notification Emails


Threat Type: Malicious Web Site / Malicious Code

Websense® Security Labs™ ThreatSeeker™ Network has discovered a new campaign of malicious spam posing as FedEx notifications.

The notifications claim to be from FedEx and explain that a package sent by the recipient in the past month was not delivered. The message has an attachment claimed to be a copy of the invoice. The attachment is in a zip file but is actually a Trojan Downloader.

This spam wave is a continuation of an ongoing theme used in recent months of using a parcel service invoice as the social engineering attack vector.

Here is a screenshot of the malicious email:


Websense Messaging and Websense Web Security customers are protected against this attack.